[Pkg-openssl-devel] Bug#438142: Bug#438142: CVE-2007-3108 wrong Montgomery multiplication might cause information leakage
Kurt Roeckx
kurt at roeckx.be
Wed Aug 15 17:46:34 UTC 2007
On Wed, Aug 15, 2007 at 05:56:51PM +0200, Nico Golde wrote:
> Package: openssl
> Version: 0.9.8e-5
> Severity: important
> Tags: security
>
> Hi,
> CVE-2007-3108[0]:
> The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and
> earlier does not properly perform Montgomery multiplication, which might allow
> local users to conduct a side-channel attack and retrieve RSA private keys.
>
> Openssl seems to be vulnerable in (oldstable), stable, testing and unstable.
> I couldn't find any note about a fix for this in the changelogs.
>
> If you fix this issue please include the CVE id in the changelog.
> You can find patches for the 0.9.8 versions on:
> http://www.securityfocus.com/bid/25163/solution
So, this was all a bit confusing. What I get is:
For HEAD the fixes are:
http://cvs.openssl.org/chngview?cn=16275
http://cvs.openssl.org/chngview?cn=16282
http://cvs.openssl.org/chngview?cn=16306
For 0.9.8e you need:
http://openssl.org/news/patch-CVE-2007-3108.txt
Which is a combination of:
http://cvs.openssl.org/chngview?cn=16277
http://cvs.openssl.org/chngview?cn=16308
(The assembler versions don't exists in 0.9.8e)
Kurt
More information about the Pkg-openssl-devel
mailing list